Document to use cargo install with --locked (fixes #1152)

cargo-audit/README.md

@@ -21,7 +21,7 @@ Audit your dependencies for crates with security vulnerabilities reported to the
 `cargo audit` is a Cargo subcommand and can be installed with `cargo install`:
 
 ```
-$ cargo install cargo-audit
+$ cargo install cargo-audit --locked
 ```
 
 Once installed, run `cargo audit` at the toplevel of any Cargo project.
@@ -62,7 +62,7 @@ to fix vulnerable dependency requirements.
 To enable it, install `cargo audit` with the `fix` feature enabled:
 
 ```
-$ cargo install cargo-audit --features=fix
+$ cargo install cargo-audit --locked --features=fix
 ```
 
 Once installed, run `cargo audit fix` to automatically fix vulnerable
@@ -111,7 +111,7 @@ To automatically run `cargo audit` on every build in Travis CI, you can add the
 language: rust
 cache: cargo # cache cargo-audit once installed
 before_script:
-  - cargo install --force cargo-audit
+  - cargo install --force --locked cargo-audit
   - cargo generate-lockfile
 script:
   - cargo audit

cargo-audit/src/lib.rs

@@ -3,7 +3,7 @@
 //! `cargo audit` is a Cargo subcommand. Install it using the following:
 //!
 //! ```text
-//! $ cargo install cargo-audit
+//! $ cargo install cargo-audit --locked
 //! ```
 //!
 //! Then run `cargo audit` in the toplevel directory of any crate or workspace.

cargo-audit/src/presenter.rs

@@ -187,7 +187,7 @@ impl Presenter {
         }
         // Print out any self-advisories
         let msg = "This copy of cargo-audit has known advisories! Upgrade cargo-audit to the \
-        latest version: cargo install --force cargo-audit";
+        latest version: cargo install --force cargo-audit --locked";
 
         if self.config.deny.contains(&DenyOption::Warnings) {
             status_err!(msg);